
Brian:
Apparently they were watching the wrong type of missiles.
Apparently they were watching the wrong type of payloads.
Apparently they were watching the wrong type of shots.
Apparently they were watching the wrong type of O-rings.
Apparently they were watching the wrong type of re-entry procedure.
Apparently they were watching the wrong type of liquid coolant.
Apparently they were watching the wrong type of emergency ejection.
Apparently they were watching the wrong type of solid rocket.
Apparently they were watching the wrong type of holding pattern.
Apparently they were watching the wrong type of engine flameout.
Apparently they were watching the wrong type of fire suppression system.
Apparently they were watching the wrong type of throttle up.

Stewie: Name 5 more.

Brian:
Apparently they were watching the wrong type of loading the cargo bay.
Apparently they were watching the wrong type of playing with the funny arm.
Apparently they were watching the wrong type of rubber suit.
Apparently they were watching the wrong type of trans docking.
Apparently they were watching the wrong type of linkup.

Stewie: Name 6 more.

Brian:
Apparently they were watching the wrong type of system failure.
Apparently they were watching the wrong type of manual procedure.
Apparently they were watching the wrong type of stirring the tank.
Apparently they were watching the wrong type of evacuation procedure.
Apparently they were watching the wrong type of moon rover.
Apparently they were watching the wrong type of boot to the moon.

Stewie: (Throws guitar on the floor) F(bleep) you!

Brian:
Apparently they were watching the wrong type of separation procedure.
Apparently they were watching the wrong type of Weiner von Braun.
Apparently they were watching the wrong type of 'tang.
Apparently they were watching the wrong type of...

actually, yeah, most of us would be out on our asses if our employers caught us looking at porn. The reason people tag links NSFW is because you can get fired for even accidentally clicking on non-pornographic nudity.

actually, yeah, most of us would be out on our asses if our employers caught us looking at porn. The reason people tag links NSFW is because you can get fired for even accidentally clicking on non-pornographic nudity.

So these guys might have just been looking at Wikipedia [wikipedia.org], or perhaps at Wikipedia [wikipedia.org]? Caution, some Wikipedia pages (like those two) might actually be considered NSFW in really incredibly prudish places, simply because they contain photos of human genitalia (but non-prurient photos).

The people who need to be fired are the network administrators who aren't filtering external traffic properly in the first place. And why not fire this director who doesn't see that's the true source of the problem?

Why blame the network admin? He didn't make you go to those sites. Sure you could say that if it was filtered they wouldn't go to the sites but that is not the point. These are adults, working in what is a pretty important function with major security concerns. There is no one to blame but those who typed in the address and clicked enter.

The people who need to be fired are the network administrators who aren't filtering external traffic properly in the first place.

That doesn't really fix the problem. It sounds like a good idea until you realize you're pitting the network admin against the users. His job isn't to get involved with a game of cat and mouse. Most admins grow tired of being expected to have an airtight physical defense when there's no complementary policy in place.

A better response is to have the network admins place reasonably good filtering in place. Not airtight. Not filters that interfere with legitimate traffic. Filters with a zero-false-positive. Then if someone is still watching porn, it's easy to demonstrate that they're taking steps to bypass the filtering. Make it clear to the staff that deliberately bypassing the filters is a fireable offense.

This solves most of the problem all at once. No collateral damage, no borderline unfair calls, reasonable expense, and accountability where it belongs.

It also makes the perps easier to catch, since they don't have to spend hours trying different things before they finally find the inevitable crack in the armor. They'll try basic things like proxy or direct IP etc. Those are easy to prove as deliberate while at the same time being easy to detect. If you're placing the entire onus on the net admin, the users can dig at your defenses all day long without so much as a wrist-slap, and when they finally discover another way, they've not only beat you, you may have a difficult time noticing you've been beat. And then you are the bad guy for having "allowed" them to violate policy.

I've been in charge of cat and mouse before. I'd set something up, they'd find a way around it. I'd add another net. They'd stop for a bit and then they'd find a way around it. Rinse and repeat. All the while the manager wouldn't bother to yank one of them into the office and discuss the perils of working hard to break company policy. The filters finally got tight enough that the manager started having problems with some of his downtime, and then things really got weird. You don't want to be here.

"against company policy" needs to mean "you don't do that here", not "we're going to try to stop you from doing that here".
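The approach argued for in the comment above (a moderate filter, with attempts to get around it treated as the signal) can be sketched as detection logic over web-proxy logs. This is an added example, not part of the original comment; the log format, user names, hosts and the five-minute window are constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Constructed sample log, assumed format: timestamp user method target action
SAMPLE_LOG = """\
2024-01-15T09:00:01 alice GET http://intranet.example/wiki ALLOW
2024-01-15T09:02:10 bob GET http://blocked-site.example/ DENY
2024-01-15T09:02:40 bob GET http://203.0.113.7/ ALLOW
2024-01-15T09:03:05 bob CONNECT 203.0.113.9:8080 ALLOW
2024-01-15T09:10:00 carol GET http://blocked-site.example/ DENY
2024-01-15T09:30:00 carol GET http://news.example/ ALLOW
2024-01-15T10:00:00 dave GET http://198.51.100.20/status ALLOW
"""


def split_target(method, target):
    """Return (host, port) for a GET URL or a CONNECT host:port target."""
    parts = urlsplit("//" + target if method == "CONNECT" else target)
    return parts.hostname or "", parts.port


def is_ip_literal(host):
    """True when the host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def find_bypass_attempts(log_text, window_seconds=300):
    """Flag only requests that follow a block by the same user.

    A lone DENY (an accidental click) and a direct-IP request with no
    preceding block are not flagged, which keeps false positives down.
    """
    last_deny = {}                    # user -> time of most recent DENY
    findings = defaultdict(list)      # user -> [(timestamp, reason), ...]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue                  # skip malformed lines
        stamp, user, method, target, action = fields
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        if action == "DENY":
            last_deny[user] = when
            continue
        denied = last_deny.get(user)
        if denied is None or (when - denied).total_seconds() > window_seconds:
            continue                  # no recent block: not evidence of intent
        host, port = split_target(method, target)
        if method == "CONNECT" and port not in (None, 443):
            findings[user].append((stamp, "proxy-tunnel"))
        elif is_ip_literal(host):
            findings[user].append((stamp, "direct-ip"))
    return dict(findings)


if __name__ == "__main__":
    for user, events in find_bypass_attempts(SAMPLE_LOG).items():
        for stamp, reason in events:
            print(f"{user}: {reason} at {stamp}")
```
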

It sounds like a good idea until you realize you're pitting the network admin against the users. His job isn't to get involved with a game of cat and mouse.

I don't only agree, I'd go a step further: The admin's job is not to filter content, but to keep the network running.

Filter malware, yes. Content? Why should the admin care if that image shows a tit or a cat?

Maybe I'm too open-minded but I don't get what the fuss is all about. If I came upon a co-worker or even a subordinate watching porn, I'd be more worried that he's not working than what he is watching. Sure it's not very tasteful, but as long as his hands stay out of his trousers (or skirt, let's stop pretending only men watch porn), I don't care all that much. Maybe if our society were a little less sexually repressed, we could focus on what actually matters instead of political correctness?

Fun fact: almost every time I view the router logs and find porn sites in them, it happens that someone violated the security policy and brought unsecured media from home and infected their work system, clicked yes for a popup and installed something or somehow infected the computer with malware that the Antivirus didn't pick up. I don't know if it's cause and effect where the malware caused the porn lookups or if the malware was the result of the porn lookups, but I know a symptom of the malware was pornograp

That's why people bring their own notebooks and watch porn with their phone's personal hotspot.

As a network admin, dealing with employees "wasting company time" isn't my job, so I really don't get too involved with it. So I really don't care if they jack up their personal computer. But I must admit I feel even less sorry for them when they wasted company time to do it in the first place. Serves them up a heaping fresh pile of "serves you right".

On the technical side we can block access to sites by URL, IP, or keyword... but there are ways to get around these blocks, and implementing/maintaining these controls takes time and money away from more useful projects.

It is far better to instruct employees that such activity is not allowed, and discipline (including termination if necessary) those who do not follow the policy.

I can see an argument for the case that in a defense environment there

We cannot block it all. Quick, where is the list, updated minute to minute, of every porn site on the net? There is none and cannot be one. If hjfwiufiwubfqwfuwwe.com serves up porn, how am I supposed to know?

In many places, there is an assumption that the people working there are adults and don't need net-nanny and its many false positives. Since the employees were caught and no malware got in, the network is apparently being properly monitored and filtered.

The real question is, why aren't these less than half a dozen getting fired? If they have time to watch porn, then the position they are filling is not required.

There are quite a few positions where periods of activity and waiting alternate. Trying to "remove the slack" in such scenarios typically results in small savings in periods of passivity and huge disasters in periods of activity. This is especially true in scenarios like missile defense where activity periods depend on some unpredictable external factor - it's too late to hire staff when the air raid sirens start blaring, and having enough staff to handle a missile attack means that you'll have more than you need when an attack is not incoming.

But even beyond that, human beings aren't capable of giving 100% 8 hours a day. If you try to make them, those who can leave for greener pastures and those who can't concentrate on looking busy, rather than doing their job. The end result is that you'll end up with incompetent, unmotivated people trying their best to deceive the management.

But perhaps this isn't about wasted time but porn. If so, then please remember that this is a position that likely requires quite a bit of highly specialized training. Is punishing people for being impure sinners a good enough reason to justify the cost of training their replacements? Maybe, maybe not - but since this training would come out of taxpayer money, it would probably be best to not pay to enforce any moral code that doesn't absolutely have to be.

I spent some time working with the FAA. The person I replaced had been fired for viewing porn at work. The case was still in litigation up to two years after he was fired, due to the union. I'm not really sure what was being argued, but my manager had to go to hearings every once a while.

I kind of assumed these would be military positions, but the summary mentions employees and contractors, so perhaps that is where the union is getting involved (In the case of employees. Contractors are used in a lot of

Disagree. There are lots of jobs out there where your role is to basically wait for something to happen, and if it does happen, handle it. They may even be pretty highly paid and important jobs, depending on what "something happening" is and what exactly "handling it" involves. I'd say that the guys responsible for handling an incoming nuclear missile attack are pretty damn important. There's not many things where it's more important that they be handled properly if they happen, or that we hope they don't

Many years ago, when I was working on a large govt contract, one of the GS civilian managers got caught messing around with his secretary in one of the stairwells (security cameras? where?) and was not fired. He was instead 'promoted' into some position that, best I could tell, involved organizing social events and morale/team building activities. Since he couldn't be fired, he was placed in a slacker, low-stress position where he wouldn't be entrusted with anything that was actually important.

So these people spend their entire work life sitting around waiting, and when finally the emergency arrives, they simultaneously turn their keys and actively participate in ending life on Earth once and for all...

Suicide seems like an honorable alternative to a life so thoroughly wasted.

Because flash animations and other movie formats have been used as vectors for malware in the past. So if they're using missile defense computers to watch porn, they are potentially infecting critical defense computers with trojans that could be exploited by an enemy.

I suppose that if they're bringing their commercial DVDs, or personal home movies through the security checkpoints it might be OK, but then they would need to explain their collection to their wives/SOs.

"Using what is called steganography, Cunningham said, a programmer can embed malicious computer code that infects computers, opens ports, steals data or gains access to networks when photos, videos or other files are downloaded."

Now, THAT's news. So, now, instead of malware writers using steganography to hide commands or payload data accessed by normal executable malware code, we have steganographic malware that autoexecutes just by being downloaded! I'll get started on the GIMP payload filter...

Unlikely as it sounds, it's definitely possible... For example, a number of years ago a bug in the Windows GDI rendering system could allow arbitrary code execution when viewing a malformed jpeg picture: http://tinyurl.com/c5z3rfy [tinyurl.com]
And later, an even easier exploit came along where a legacy printer macro file format (don't remember the extension) simply renamed to jpeg would allow the execution of a script when the 'image' was viewed in Internet Explorer since both file formats were supported by the

I don't think the GP was claiming that it doesn't happen. Image formats are relatively complex, and compressed audio and video formats doubly so. If you're going to have a security hole in an OS or a browser, odds are good that it will be in a codec somewhere.

That said, what we have here is a pretty egregious misuse of the term steganography. Steganography refers to hiding data inside other data. A trojan image file that exploits a bug in your browser to load malware isn't steganography because there is no actual image. There's no hiding. It is merely the misrepresentation of one type of data as another type of data, which is a trojan horse, not steganography.

Steganography would be Chinese dissidents using image files that contained a subtle watermark in the least significant bits to send coded messages to one another, or someone embedding a piece of software in the low order bits of an MPEG stream. Those examples meet the core requirement that the enclosing data be at least ostensibly plausible data. Note that opening such a photo or MPEG stream reveals a photo or a movie. It does not execute anything, because if it did, the secret payload wouldn't be very hidden, now would it? :-)
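The distinction drawn in the comment above, shown as an added example that is not part of the original post: a short message is hidden in the least significant bit of each sample of a constructed 8-bit grayscale buffer, and the carrier stays plausible image data. The function names, the length-prefix framing and the sample cover are assumptions made for illustration.

```python
import struct


def embed(cover: bytes, message: bytes) -> bytes:
    """Hide a 4-byte length prefix plus the message in the samples' low bits."""
    payload = struct.pack(">I", len(message)) + message
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for this message")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit   # overwrite only the lowest bit
    return bytes(stego)


def _read_bytes(stego: bytes, start: int, count: int) -> bytes:
    """Reassemble `count` bytes from low bits, starting at sample `start`."""
    out = bytearray()
    for b in range(count):
        value = 0
        for k in range(8):
            value = (value << 1) | (stego[start + b * 8 + k] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the message; the data is inert until a reader does this."""
    if len(stego) < 32:
        raise ValueError("buffer too small to hold a length prefix")
    (length,) = struct.unpack(">I", _read_bytes(stego, 0, 4))
    if 32 + length * 8 > len(stego):
        raise ValueError("no valid payload found")
    return _read_bytes(stego, 32, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-sample difference between cover and carrier."""
    return max(abs(a - b) for a, b in zip(cover, stego))


# Constructed cover: a 64x64 grayscale gradient, one byte per pixel.
WIDTH = HEIGHT = 64
COVER = bytes((x * 3 + y * 2) % 256 for y in range(HEIGHT) for x in range(WIDTH))
MESSAGE = b"meet at noon"   # constructed sample message
STEGO = embed(COVER, MESSAGE)

if __name__ == "__main__":
    print("recovered:", extract(STEGO))
    print("max change per sample:", max_sample_change(COVER, STEGO))
```

Every sample differs from the cover by at most one brightness level, so a viewer renders essentially the same picture, and the hidden bytes only become a message when separate code reads them back out.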

I seem to remember reading about an indestructible cookie that some academic had created. It was actually a number of cookies sprinkled around the system. They checked on each other constantly and in the case that one was deleted the others would recreate it. One part of it was actually a graphic file, possibly a GIF if memory serves.

An image in the browser cache, with javascript reading the pixel values. The 'evercookie' also used a conventional cookie, and a flash cookie, and a few other methods too. Upon visiting the site, if even one of the cookie copies could be read it would recreate the others.

Now, THAT's news. So, now, instead of malware writers using steganography to hide commands or payload data accessed by normal executable malware code, we have steganographic malware that autoexecutes just by being downloaded! I'll get started on the GIMP payload filter...

I wish I knew what the guy really meant, because that's pure bullshit.

Images that "autoexecute"??? The only thing that it might reference is some overflow in whatever displays the image. But that is certainly not "steganography".

Or of course, there is the old trick of "install this codec to view Anna Kournikova blowjob video!" Is anyone who works on missile defence really that dumb? There certainly are malware-infested porn sites. But the images are just images.

It's news to me that what are supposed to be professional soldiers/airmen have to be reminded not to engage in non-work related activity while on duty. (Whatever happened to "You can review the field manual during periods of inactivity. No, you absolutely cannot read the newspaper while on duty.")

It's news to me that people are using what are probably supposed to be secure or semi-secure systems to browse non-work-related sites on the public Internet.

If you can configure a proxy with 100% success rate, you should be an NSA, not DoD. It's impossible with anything more permissible than a verified white list, and even then, you could still get errors.

I think the most disparaging problem is how the west has treated Russia. Bush basically said, stop kicking and screaming, you're not going to harm us with the missile defense shield. We ignored their concerns on a lot of other things and demanded they support our positions on others. We even bribed them to follow our stances. We were at odds with them on Egypt, Libya, and I think Russia pretty much put their foot down with Syria- and China seems to support them.

It became a problem when some of the computers started getting viruses and trojans from the porn sites.

Nothing against porn sites, but it IS a huge problem if their workstations are able to connect that easily to the global Internet. That's NOT supposed to be allowed in this sensitive environment. Then again, we're talking about the whole MDA bureaucratic personnel, not about the few NORAD staffers.

Not that this is really newsworthy but who cares if they are watching porn? This is a legitimate job that has to be staffed 24/7 and probably requires about 20min worth of total combined labor in a typical year. Being the military that is increased to maybe a few days labor worth of redundant checklists over the course of the year.

Not that this is really newsworthy but who cares if they are watching porn? This is a legitimate job that has to be staffed 24/7 and probably requires about 20min worth of total combined labor in a typical year. Being the military that is increased to maybe a few days labor worth of redundant checklists over the course of the year.

Having done jobs where your sole purpose most of the time is just to be there waiting I understand the lack of things to do. Still gotta love the fact that beyond the normal workplace squeamishness their main concern was viruses and malware, which porn sites have actually gotten a lot better about policing these days.

Or are you comfortable with missile defense computers looking at porn sites (which have been consistent virus vectors in years past)? Even if those are not hooked up to the main computers all it takes is one mistake...

Also when you sign up to the military you sign away rights. You also sign on for people telling you 24/7 what to do and where to pee.

When I used to run a network, I told people do what you want on your own time and on your OWN hardw

Even if those are not hooked up to the main computers all it takes is one mistake...

But perhaps not watching porn increases the likelihood of making a mistake? Who knows what they'll do when they get really bored and have no porn, video games or other distraction, they'll probably start screwing around with the missile systems...

I highly doubt the missile systems are tied to any sort of network. Either way toss up a guest wifi net and leave them alone. Believe me, there are worse ways for people with missile keys and too much time on their hands to vent their slowly building frustrations.

There is also nothing about a porn site that makes it more likely to harbor malware. Most of the infections I've seen came from financial sites.

This is a legitimate job that has to be staffed 24/7 and probably requires about 20min worth of total combined labor in a typical year.

You can't know that.

SAC in the fifties became known for its relentless drill and discipline. It is what the military demands and expects on assignments like this.

Those who do not measure up get transferred out.

There is somewhere worse than mainland Alaska in the U.S. Military. An island called Shemya in the Aleutians, a group of islands off the coast of the Alaskan Peninsula. According to legend, the wind never drops below 60 knots, the temperature never rises above -20 C and there's a 10-foot visibility fog 300 days of the year. Primary duty there is clearing the runway of obstructions. Every time someone left, they took a rock with them so someday there would be no more island and no one would ever have to go back. Or so that legend goes.

Oh, yeah - and YOU'RE going to be willing to push that button after Lance has been there jerking off all day. Fuck that - let somebody else launch the missile, I'm going to go get some Clorox and a gallon of Purell before I even think about touching it.

Oh, yeah - and YOU'RE going to be willing to push that button after Lance has been there jerking off all day. Fuck that - let somebody else launch the missile, I'm going to go get some Clorox and a gallon of Purell before I even think about touching it.

Johnson: [notices Dr. Evil's spaceship on radar] Colonel, you better take a look at this radar.
Colonel: What is it, son?
Johnson: I don't know, sir, but it looks like a giant--
[cut to the sky in two jets]
Jet Pilot: Dick!
Dick: Yeah?
Pilot: Take a look outta starboard.
Dick: Oh, my God! It looks like a huge--
[cut to a forest with 2 birdwatchers]
Bird-Watching Woman: Pecker!
Bird-Watching Man: [raises his binoculars] Oh, where?
Bird-Watching Woman: Wait! That's not a woodpecker. It looks like someone's--
[cut to a boot camp]
Army Sergeant: PRIVATES! We have reports of an unidentified flying object! It is a long, smooth shaft, complete with--
[cut to a baseball game]
Umpire: 2 balls! [looks up from game] What is that? That looks just like an enormous--
[cut to a Chinese school]
Teacher: Wang! Pay attention!
Wang: I was distracted by that enormous flying--
[cut to a concert with Willie Nelson and another guitarist]
Musician: Willie.
Willie: Yeah?
Musician: What's that?
Willie: [looks up] Well, it looks like a giant--
[cut back to headquarters]
Colonel: Johnson!
Johnson: Yes, sir!
Colonel: Get on the horn to British Intelligence and let them know about this!

The US Missile Defense agency doesn't have any sort of content filter that could block this type of thing? You'd think they could use a simple whitelisting system - there can't be that many sites outside of *.gov that Missile Defense workers legitimately need to access from work. Let them use a smart phone in the lunchroom (outside of secure areas) when they need to update Facebook (or browse porn).

This surprises me as well: I work at a government facility, and it's locked down to the point where I can't get a fair number of sites that actually relate to my job, never mind something work-inappropriate.

The article says that less than half a dozen individuals were found to be accessing inappropriate material. That's out of over 8,000 individuals who work at MDA - one memo was sent out to address the problem.

From article: U.S. missile defense workers have been warned that porn on the job is not allowed. It's not just a question of public security due to distraction, but there's also the risk of computer security due to malware found on many such sites.

So they're running Windows machines. Check. Thanks for the information. :>

See the following documentary on why this is a bad idea: http://www.imdb.com/title/tt0086567/ [imdb.com]
It documents an early attempt to remove the humans from the loop, and some of the problems encountered.

Clearly they are just studying new shaft designs for missiles. We are always turning to nature to inspire us. Maybe we need to lube the rockets before we penetrate mother earth's atmosphere. You would never get such an idea without porn. Science.

there's actually a serious reason why they shouldn't permit internet-porn-watching in U.S. classified military networks. if they really really want to watch porn, they should provide *isolated* computers and DVDs - or the personnel should bring their own personal machines into the building (if permitted).

criminals *know* that lots of people watch porn, so they make sure that such sites are loaded with viruses. even just knowing, now, that U.S. military watch porn, you can be damn sure that there will be f

Then prosecute them under sexual harassment law. As managers share legal liability with a company if they knowingly permit such a situation (such as participating in it). They can keep their jobs (government employees are almost impossible to fire), let people take them to civil court until they've had enough.

I'm going to assume they have their critical workstations airgapped and these are their email/other workstations where they can access situational awareness information.

Simple way to resolve this is to allow access to whitelist-only pre-approved sites. We do this in our SCADA control room. SCADA machines are airgapped, and email/documentation machines are white-list only.

We do give them access to Terminal Servers in a DMZ which have less-restricted Internet access.

This goes against the whole slashdot groupthink on this story, but you know what.. I don't care if they are looking at porn or not.

These people are stuck in damn boring situations for long hours and I really don't need or want to know what they do with that time. If they really are using their tech well enough I am guessing a computer would pick up any incoming well before a human could comprehend it anyway.

Fairly, however, an employee should be instructed as to what is and is not appropriate for work before they can be disciplined for violating it.

The problem is: some employers leave the judgment of "appropriate" up to the employee. Right up to the point at which some crybaby complains. Surf porn sites at work. Generally not a good idea. But Tea party, anti-Semitic, or racist sites? If they happen to be aligned with the bosses' political/social agenda, no problem.

How is that right? I mean, I feel a lot less comfortable sitting next to someone immersed in fundie Xtian crap than the Naked News.